← Back to Adobe ColdFusion Security Technical Implementation Guide

V-279059

CAT II (Medium)

ColdFusion must only transmit encrypted representations of passwords to the Solr Server.

Rule ID

SV-279059r1171533_rule

STIG

Adobe ColdFusion Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000197

Discussion

Solr is an open-source search platform used for indexing and searching data. When data is transmitted between ColdFusion and the Solr Server without encryption, it is vulnerable to interception and unauthorized access. This can lead to the exposure of sensitive information, including search queries, indexing data, and other confidential information. By requiring the Solr Server connection to use encryption for data transmission, the ColdFusion server ensures that the data is protected from eavesdropping and tampering. This practice helps maintain the confidentiality and integrity of the data, thereby enhancing the overall security of the server and the applications it hosts. Regularly verifying and enforcing using encryption for all Solr Server connections is essential for maintaining a secure server environment.

Check Content

If the Solr package is not installed, this is Not Applicable.

Verify encryption to the Solr Server.

From the Admin Console Landing Screen, navigate to Data &amp; Services &gt;&gt; Solr Server.

If the Solr Host Name is "localhost", this is not a finding.

If the "Use HTTPS connection" setting is unchecked or "Solr Admin HTTPS Port" is zero, this is a finding.

Fix Text

If the Solr package is not installed, this finding is Not Applicable.

Configure encryption to the Solr Server.

1. From the Admin Console Landing Screen, navigate to Data &amp; Services &gt;&gt; Solr Server.

2. Check "Use HTTPS connection" checkbox.

3. Enter the Solr Admin HTTPS Port.

4. Select "Submit Changes".